Reference upstream commits for CVE-2021-41819/ruby*

author: Salvatore Bonaccorso <carnil@debian.org> 2021-12-02 22:27:32 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-12-02 22:27:32 +0100
commit: 898315610b09a74cd5d457431f5e47cb77f6848f (patch)
tree: ace06530da6205ca92638f4724bcd76bebeb4386
parent: 745b9a484d56226dd66ba83082beaeb9648768bb (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 774124ab7f..bfebd81545 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -6283,7 +6283,7 @@ CVE-2021-41819 [Cookie Prefix Spoofing in CGI::Cookie.parse]
 	- ruby2.3 <removed>
 	NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
 	NOTE: https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/
-	TODO: check upstream commits
+	NOTE: Fixed by: https://github.com/ruby/cgi/commit/052eb3a828b0f99bca39cfd800f6c2b91307dbd5 (v0.3.1)
 CVE-2021-41818
 	RESERVED
 CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsing Methods]
author	Salvatore Bonaccorso <carnil@debian.org>	2021-12-02 22:27:32 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-12-02 22:27:32 +0100
commit	898315610b09a74cd5d457431f5e47cb77f6848f (patch)
tree	ace06530da6205ca92638f4724bcd76bebeb4386
parent	745b9a484d56226dd66ba83082beaeb9648768bb (diff)